I am trying to implement user login for my site. After the user enters his mail and password, I create a token on the server side and save it in a cookie. This token is a sign for me that the user is logged in.
Since the token is just a plain cookie, someone can steal it and use it for their own purposes. How can I prevent this? How do others implement user login on the web? There must always be some kind of exchangeable piece of information that can be stolen by a man-in-the-middle attack. Are there any other approaches to secure user login?
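An added example, not part of the original post, of the token-in-cookie login the question describes, with the cookie attributes and server-side handling that limit what a stolen or intercepted token is worth. It assumes the site is served over HTTPS; the names `issue_session`, `lookup_session`, `revoke_session`, the `session` cookie name and the in-memory `SESSIONS` store are hypothetical.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 3600  # seconds; constructed value for this example
SESSIONS = {}       # sha256(token) -> (user, expiry); stands in for a database table


def token_digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_session(user, now=None):
    """Call after the password check succeeds. Returns (token, Set-Cookie value)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Store only the hash, so a leaked session table yields no usable tokens.
    SESSIONS[token_digest(token)] = (user, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["session"] = token
    morsel = cookie["session"]
    morsel["secure"] = True     # sent only over HTTPS, never in cleartext
    morsel["httponly"] = True   # not readable from page JavaScript
    morsel["samesite"] = "Lax"  # not attached to cross-site subrequests
    morsel["path"] = "/"
    morsel["max-age"] = SESSION_TTL
    return token, morsel.OutputString()


def lookup_session(token, now=None):
    """Return the logged-in user for a presented cookie value, or None."""
    now = time.time() if now is None else now
    key = token_digest(token)
    entry = SESSIONS.get(key)
    if entry is None:
        return None
    user, expiry = entry
    if now >= expiry:  # expired tokens are dropped, bounding the theft window
        del SESSIONS[key]
        return None
    return user


def revoke_session(token):
    """Logout: the token stops working on the server, whoever holds a copy."""
    SESSIONS.pop(token_digest(token), None)
```
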